This privacy policy applies to the processing of personal data performed by INVISIO, including its joint processing activities with our subsidiaries. The policy is intended to comply with both the General Data Protection Regulation (EU) 2016/679 ("EU GDPR"), the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018, and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), as applicable.
In general, for residents of the United States, INVISIO is committed to protecting personal data in line with applicable U.S. state privacy laws (including those of California, Colorado, Virginia, and others).
This policy outlines how we process your personal data and explain your rights in relation to the collection, use, and retention of your personal data by INVISIO.
Data Controller
INVISIO and our subsidiaries act as joint data controllers for personal data processed through shared IT systems and services. This joint controllership is established pursuant to Article 26 of the GDPR and UK GDPR.
Under the CCPA/CPRA, INVISIO and its subsidiaries may act as independent businesses with respect to certain personal data processed through shared IT systems and services.
INVISIO Group (as defined below) acts as a Joint Data Controller when processing your personal data.
1. INVISIO A/S (HQ) Stamholmen 157, 2650 Hvidovre, Denmark
2. INVISIO AB Box 151, 201 21 Malmö, Sweden
3. INVISIO Inc. 150 N. Michigan Ave, Suite 1950, Chicago, IL 60601, USA
4. INVISIO SAS, 2. Avenue des Bosquets, 78180 Montigny-le-Bretonneux, France
5. INVISIO Srl Via Maurizio Gonzaga 7, 20123 Milan, Italy
6. INVISIO Communications Ltd., Unit 3/4 Waverley Industrial Park, Hailsham Drive, Harrow HA1 4TR, UK
Collectively referred to as "INVISIO Group".
The arrangement between INVISIO outlines their respective roles and responsibilities in ensuring the protection of personal data. Data subjects may exercise their rights under data protection law with respect to and against either controller.
Contact Information
For general, EU & U.S. data protection matters:
INVISIO Group, c/o INVISIO A/S
Stamholmen 157
2650 Hvidovre
Denmark
Phone +45 7240 5500
Email: privacy@invisio.com
For UK-specific matters:
INVISIO Communications Ltd.
Unit 3/4 Waverley Industrial Park
Hailsham Drive
Harrow HA1 4TR
United Kingdom
Phone +44(0)20 8515 6200
Email: uk@invisio.com
Collection of Personal Data
Personal data is information that can identify you as an individual, either on its own or when combined with other data. It includes details such as your name, address, phone number, and email address. We only collect personal data for specific and lawful purposes, such as when you sign up for a newsletter, submit an inquiry, or apply for a job.
What We Collect
Newsletter and/or Interim Reports
When you subscribe to our press releases and/or interim reports, we require your email address. When you register for one of our annual meetings, we will collect your name, address, personal identification number, and email address.
Inquiries
When you submit an inquiry, we will collect your name and email address. This information is forwarded to the relevant company within INVISIO Group and the department/person who can respond to your inquiry.
Job Applications
When you submit a job application through our job portal, we collect various details, including your name, email address, postal address, phone number, nationality, educational background, employment history, and any additional information you choose to include in your job application or CV.
IP-number
When you visit the website, we will collect your IP address to monitor website traffic and assist in diagnosing problems. Please note that we do not use IP addresses for personal user identification.
Cookies
The website may store certain data elements known as 'cookies' on a visitor's computer. To learn more about how we use cookies and other technologies, please click the small cookie button located in the lower left corner of the website. Here, you can also adjust your cookie settings by either deleting cookies from your browser or changing your initial choice made when you first entered the website.
Purpose and Legal Basis for Processing
The following specifies the legal basis for processing your personal data in accordance with both the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR) and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
Collection of personal data for newsletters/interim reports when you have accepted to receive them from us
GDPR/UK GDPR:
Article 6(1)(a) GDPR/UK GDPR (consent).
CCPA/CPRA:
Personal data is collected and processed based on your affirmative consent, and you have the right to opt out of the sale or sharing of personal data at any time.
Relevant sections:
§ 1798.100 – Notice at collection, § 1798.110 – Right to know, § 1798.120 – Right to opt out of sale/sharing, § 1798.130 – Methods for submitting requests.
Collection of personal data for inquiries
GDPR/UK GDPR:
Article 6(1)(f) GDPR/UK GDPR (legitimate interests).
CCPA/CPRA:
Personal data is processed to respond to your inquiry under our business purposes, as defined by the Act, and is not used for unauthorized secondary purposes.
Relevant sections:
§ 1798.100 – Collection and use for business purposes, § 1798.140(e) – Definition of “business purpose,” § 1798.105 – Right to delete, § 1798.110 – Right to know.
Collection of personal data for job applications
GDPR/UK GDPR:
Article 6(1)(f) GDPR/UK GDPR (legitimate interests).
CCPA/CPRA:
Personal data is collected and used solely for the purpose of recruitment and employment consideration, in line with the rights afforded to job applicants under California law, including the right to access, correct, and delete their personal data.
Relevant sections:
§ 1798.100 – Purpose limitation, § 1798.105 – Right to delete, § 1798.106 – Right to correct (CPRA addition),
§ 1798.110 – Right to know, § 1798.115 – Disclosures of collection/source.
Collection of IP addresses
GDPR/UK GDPR:
Article 6(1)(f) GDPR/UK GDPR (legitimate interests).
CCPA/CPRA:
We collect IP addresses for business purposes, including security, analytics, and website functionality, and do not retain or use them beyond what is necessary.
Relevant sections:
§ 1798.140(e) – Definition of “business purpose” (e.g., security, analytics), § 1798.100 – Collection/use limitation, § 1798.110 – Right to know, § 1798.121 – Limiting use of sensitive Personal data (if geolocation is inferred).
Cookies
GDPR/UK GDPR:
For non-essential cookies, we rely on your consent pursuant to Article 6(1)(a) of the GDPR/UK GDPR and in accordance with Article 5(3) of the ePrivacy Directive. For strictly necessary cookies, we process personal data based on our legitimate interests under Article 6(1)(f).
CCPA/CPRA:
Cookies and similar technologies may be used to collect personal data for analytics, website functionality, and advertising purposes. Under CPRA, users have the right to opt out of the sale or sharing of such personal data, and we provide a "Do Not Sell or Share My Personal Data" link where required. INVISIO Group does not sell or share personal data under any circumstances.
Transfer of Data
Your personal data may be shared within the INVISIO Group and with trusted third-party service providers under binding data processing agreements.
Transfers may occur:
- Between the EU and the UK (covered by an EU adequacy decision).
- With third countries such as the United States.
Where no adequacy decision applies, we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
- Supplementary technical and contractual measures.
- Where applicable, reliance on the EU-U.S. Data Privacy Framework and UK Extension.
For California residents, international transfers are made in compliance with the CCPA/CPRA, ensuring that personal data is used only for legitimate business purposes and is not sold or shared without opt-out rights.
For U.S. residents outside California, personal data may be transferred to and processed in jurisdictions outside your state or country of residence, including the EU and UK. While U.S. federal law does not currently provide comprehensive data protection standards, INVISIO applies appropriate technical, organizational, and contractual safeguards to protect personal data in accordance with relevant state privacy laws.
You can contact the INVISIO Group to obtain a copy of the relevant appropriate safeguards in place.
Your Rights
As an EU, UK, or U.S. data subject, you have fundamental rights regarding your personal data. INVISIO Group is committed to facilitating the exercise of these rights and assisting you when you make inquiries. These rights include (but are not limited to):
- Right to Access: You have the right to request and receive a copy of your personal data held by INVISIO Group.
- Right to Rectification: You can request corrections to inaccurate or incomplete personal data.
- Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data under certain circumstances.
- Right to Restriction of Processing: You can request the restriction of your data's processing in specific situations.
- Right to Object: You can object to the processing of your personal data for direct marketing or legitimate interests.
- Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw it at any time.
- Right to portability: You have the right to receive your personal data in a usable format and request that it be transferred to another organization, where technically possible.
- Right to File a Complaint: You can file a complaint with a supervisory authority if you believe your data rights have been violated.
- Right to non-discrimination: You have the right not to be denied services, charged different prices, or receive a different level of service for exercising your private rights.
- Right to opt out of sale/sharing: You can request that your personal data not be sold or shared with third parties, including for cross-context behavioral advertising. However, INVISIO Group does not sell or share personal data under any circumstances.
Exercising Your Rights
If you want to exercise your rights as a data subject, you can contact INVISIO Group at tel. +45 7240 5500 / privacy@invisio.com or INVISIO Communications Ltd. at tel. +44 (0) 20 8515 6200 / uk@invisio.com
Filing a Complaint
If you are not satisfied with how INVISIO Group uses your personal data, you have the right to report this to the Danish Data Protection Agency, the UK Information Commissioner’s Office (ICO) or the California Privacy Protection Agency (CPPA) which is the supervisory authorities responsible for overseeing INVISIO Group processing of personal data. You can submit your complaint to:
EU/EEA Residents:
Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby
Tel. +45 3319 3200
Denmark
Email: dt@datatilsynet.dk
Web: www.datatilsynet.dk
UK Residents:
Information Access Team
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: +44 (0)303 123 1113
United Kingdom
Web: www.ico.org.uk
California Residents:
California Privacy Protection Agency (CPPA)
Web: https://cppa.ca.gov/
Or:
California Attorney General
Web: https://oag.ca.gov/privacy/ccpa
If your concern is about a data breach, you may also have the right to file a civil claim in California court under the CCPA.
Non-California U.S. Residents:
If you reside in a U.S. state with a comprehensive privacy law—such as Colorado, Virginia, Connecticut, Utah, or Texas—you may have the right to file a complaint with your state attorney general or data protection authority if you believe your privacy rights have been violated.
Because privacy laws differ by state, we encourage you to review the guidance of your state’s consumer protection office or attorney general for specific procedures.
Links to Other Websites
Our website includes links to other websites with privacy practices that may differ from those of INVISIO Group. If you submit personal data to any of those sites, your information will be governed by their respective privacy policies. We encourage you to thoroughly read the privacy policy of any website you visit.
Data Security
At INVISIO Group, we take your personal data seriously. We are committed to ensuring that your personal data remains confidential, accurate, and available when required. We use strong security measures and follow industry standards to protect your information from unauthorized access, interference, and any disruptions.
Trade Compliance
INVISIO Group operates globally and is therefore subject to applicable export control laws and trade regulations in each jurisdiction where it conducts business. This includes compliance with international, regional, and national rules governing the transfer of goods, technology, and data.
Shareholders
For information about the processing of shareholders' personal data, please refer to Shareholders' personal data policy.
Changes in the Privacy Policy
INVISIO Group’s Privacy Policy may be amended periodically. This policy was last updated in August 2025.
Contacting us
If you have any questions regarding our processing of your personal data or our use of cookies, you are welcome to contact us at privacy@invisio.com.